[wp-trac] [WordPress Trac] #16884: str_replace() in setup-config's get_bloginfo() is bogus
WordPress Trac
wp-trac at lists.automattic.com
Fri Mar 18 14:50:58 UTC 2011
#16884: str_replace() in setup-config's get_bloginfo() is bogus
------------------------------------+------------------------------
Reporter: hakre | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 3.1
Severity: normal | Resolution:
Keywords: has-patch dev-feedback |
------------------------------------+------------------------------
Comment (by hakre):
If blind, second patch is safest bet.
I'm just learning this:
1. In case no `/wp-config.php` file exists (e.g. before installation or
on error), the user is motivated to request `/wp-admin/setup-config.php`.
2. This means that `/wp-admin/setup-config.php` is called on installing
the software.
3. There is no other place in core that links nor includes `/wp-admin
/setup-config.php`.
So by usage, `$_SERVER['PHP_SELF']` is most probably `/wp-admin/setup-
config.php`, at least if it contains
[http://www.php.net/manual/en/reserved.variables.server.php the default
value (PHP Manual)].
--
Ticket URL: <http://core.trac.wordpress.org/ticket/16884#comment:10>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list